The Troopers experience will never be the same without the “IPv6 summit”. It is one of kind of two-day special event where different security experts gather to discuss IPv6 current challenges. It addresses different topics ranging from a broad introduction of the IPv6 to how secure the protocol is and what the latest standards are.
The summit is divided into 2 different tracks that run simultaneously. For the first day on the second track, Christopher Werny and Rafael Schaefer have carried out the first three sessions.
Christopher is the network security team leader at ERNW, he has been working on IPv6 since 2005 where he managed and carried multiple projects ranging from design till implementation and troubleshooting. Rafael is a well respected security analyst who presented different IPv6 security issues at different conference. For example, Black Hat and hack.lu
The first three sessions of Track 2 tackled the basic attacks and defense for IPv6. The session started with a basic introduction of the IPv6, like how its 128 bits are divided into a network and host ID parts with each being 64 bits or how the IPv6 addresses can be abbreviated by omitting the leading zeros. After this, the audience had a closer look at the different types of the IPv6 addresses and the different standards of the host and network ID assignment.
It was highlighted the integral role of the ICMPv6 (Internet Control Message Protocol for IPv6) in the IPv6 implementation, where different ICMPv6 packets were discussed as the neighbour solicitation and advertisements packets, router solicitation and advertisements packets and the too big packet.
The second session tackled the different possible attacks, showing how IPv6 was developed on the concept of “all local nodes are trusted!”
This session was more of a hands on experience with different tools, although Chiron and ipv6-tool were mentioned in the session. The thc-ipv6 was the main testing tool with different man-in-the-middle and denial of service attacks being carried on.
The neighbour solicitation and advertisements packets were easily exploited. That’s not to mention, how vulnerable the router discovery was or how the attackers can send bogus router advertisements and control the traffic flow.
It was interesting to see the CVE-2010-4669 into action. It was too real that one of the computers froze completely and there was no way except to restart it again.
The third session was dedicated to defense mechanisms and the different ways to protect the IPv6 network. The session shed the light on the Cisco-First-Hop-Security with its two phases. The tool implemented different security features like the router advertisements guard and the DHCPv6 guard. On the other hand, this tool is not enough to stop the attackers. It just introduced one level of difficulty against successful attacks. The security features introduced can be circumvented using the fragmentation of the neighbour discovery packets.
Hope everyone enjoyed it as much as I did and we’d like to hear from you back whether through comments or just drop us a line 😉
Be ready to celebrate a very special, 10th year anniversary of Troopers next year! Stay tuned 😉
Omar Eissa
http://www.si6networks.com/tools/ipv6toolkit/